What is CVE-2025-1336?

A medium-severity vulnerability in CmsEasy 7.7.7.9 could allow remote attackers to exploit the deleteimg_action function for path traversal. Immediate remediation is recommended.

What is the severity of CVE-2025-1336?

CVE-2025-1336 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1336 | Medium Vulnerability in CmsEasy CmsEasy

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

With a CVSS score of 5.3, this vulnerability poses a medium severity risk. Organizations using this version of CmsEasy should be aware of the potential for unauthorized access through path traversal, which can lead to unauthorized file access and exposure of sensitive data.

Risk to organizations includes potential data breaches and unauthorized file manipulations. Therefore, organizations should prioritize patching immediately.

Currently, there is no known public exploit confirmed for this vulnerability, but the risk remains significant due to its disclosed nature.

Vulnerability Details

The vulnerability in CmsEasy 7.7.7.9 is characterized by improper input validation in the deleteimg_action function, leading to path traversal vulnerabilities. The CVSS score of 5.3 indicates a medium severity level, primarily due to its network attack vector and low complexity requirements for exploitation.

The affected product is CmsEasy, specifically version 7.7.7.9. The vulnerability was published on February 16, 2025, and is classified under CWE-22.

Technical Analysis

The root cause of the vulnerability lies in the inadequate validation of user input, specifically the imgname argument within the deleteimg_action function. This oversight allows attackers to manipulate the input to perform path traversal, enabling them to access files outside of the intended directories.

The attack vector is classified as network-based, meaning that an attacker can exploit this vulnerability remotely without physical access to the vulnerable system. The attack complexity is low, requiring minimal effort from the attacker. Privileges required for exploitation are low, making it easier for unauthorized users to execute the attack. User interaction is not required, further increasing the risk.

The vulnerability has a low impact on confidentiality, integrity, and availability according to CVSS metrics, but it can still lead to unauthorized access to sensitive files and data.

Risk & Impact Analysis

Real-world deployment of this vulnerability poses a risk of unauthorized access to sensitive files, potentially leading to data breaches. Organizations should assess the potential blast radius, especially if sensitive data is stored within the application. Given the low complexity and the public knowledge of the exploit, organizations should address in priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The specific version affected by this vulnerability is CmsEasy 7.7.7.9. Organizations should ensure they update to a patched version as soon as it becomes available.

Mitigation & Remediation

To mitigate this vulnerability, organizations should prioritize patching the CmsEasy application. If a patch is not immediately available, consider implementing input validation measures to prevent path traversal, and restrict access to the vulnerable functions.

For continuous security improvements, organizations should engage in continuous security testing to validate the effectiveness of their security measures.

Detection Guidance

Organizations should monitor logs for any unauthorized access attempts to the deleteimg_action function. Behavioral anomalies such as unexpected file access or modifications should also be flagged for review.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability is that it highlights the necessity for robust input validation mechanisms within web applications. As organizations increasingly rely on online services, the potential for exploitation of such vulnerabilities persists.

Security teams should conduct thorough assessments and adopt best practices around security testing to identify and remediate vulnerabilities proactively.

In addition, organizations should consider reviewing their overall vulnerability management programs to ensure that they are well-prepared to respond to new threats.

Lastly, this vulnerability serves as a reminder of the importance of maintaining an effective penetration testing methodology to uncover and address weaknesses in software before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1336: Medium Vulnerability in CmsEasy CmsEasy